Security Information

Security Information

Table of Contents

Sent Via - In Emails

In certain cases, the 'From address' which appears in the email, may be different from the actual email address using which the email was sent. There are two possible cases: 

  • Genuine Cases:  In genuine cases, the owner or the admin of the domain/ email address may be using another service or application, to send emails on his/ her behalf. In this case, the application will be sending emails from a third-party domain, which differs from the actual sender. (Ex: Marketing emails/ Newsletters/ etc)
  • Spoofing Cases: Most of the Spam or phishing emails, are sent on the pretext of your own domain, or a domain/ contact whom you trust. In this case, the sender would not have anything to do with the domain which actually sends these emails. While most of these emails, would be identified and marked as Spam by our Spam filters, it is possible that some of these emails make way to your Inbox.

To help you identify the emails, which have the 'From' email address to be different from the actual 'Sender' email address, Zoho Mail provides the 'Sent Via' information along with the actual sender information in the email preview pane. You can click the 'Via' link to view the original sender of the email. 

Zoho Mail provides you this information, to protect you from misleading emails, sent using a different email address, under a disguise of some of your contacts. 

Click the small triangle below to view the original sender details of the email. 

In cases where you notice this difference in the actual email address and the From address in the email, you can be extra cautious and avoid disclosing any important information by replying to the email or following any instructions in the email.  

Spam Warning

Unauthenticated and suspicious emails are automatically identified by Zoho Mail. A warning message is displayed in the Preview of these unauthenticated emails. This warning label can appear in different scenarios:

  • Unconfirmed Sender - When the actual sender is not the same as the person/ company who appears to send the email.
  • Spam check fail - When the email fails DMARC/ SPF/ DKIM checks.

You can click on the Report Spam to mark the email as Spam.


Report Spam option will not be available for Shared emails and emails in Shared folders or Spam folder.

Encryption Status

Incoming emails

Encryption of emails in transit helps keep your emails safe while it travels from the sender to recipient. This protects your emails from being read by unauthorized parties, while in transit. The level of encryption of the emails you receive is displayed in the email preview pane.

The emails you receive could be encrypted using Transport Layer Security (TLS) or not encrypted at all depending on the sender's email service provider. TLS is a protocol that uses symmetric cryptography to encrypt emails in transit.

No encryptionThe email has not been encrypted.
Standard EncryptionThe email has been encrypted using TLS (Transport Layer Security).
S/MIME The email has been encrypted using S/MIME (Secure/ Multipurpose Internet Mail Extension)

Outgoing Emails

You can view the level of encryption of the emails you send. Navigate to your Sent folder and click on the Delivery status icon of any delivered email. The level of encryption of the sent email is displayed in the delivery details pop up that opens.

Share this post : FacebookTwitter

Still can't find what you're looking for?

Write to us: